Linux – How to grep a group of files within a time range

bashgreplinuxunix

I'm trying to write a script used on a buffer box that does full packet capture of network traffic. As it's for a fairly big network we split the captures into 100MB segments. At times of high network traffic oftentimes over a one minute period we will have multiple pcaps which cover that period.

So what I want to do is have a bash script that lets the analyst who is searching for something specify a date and time and how many minutes either side of it they want to search for files. Obviously I can do something like this – 

ls -al | grep "Dec  1" | grep 02:00
ls -al | grep "Dec  1" | grep 02:01

and so on, get each result and grep each file individually for the specific keyword I'm looking for, but I'd like to be able to do a wider search for all files created within a time range and then grep each of them for the keyword.

I'm not entirely sure how to do that, any help would be appreciated.

Best Answer

Some of the fine things find (on GNU/Linux) can do for you:

Units:

  • n exactly n untis
  • -n less than n units
  • +n more than n units -

What happened:

  • -atime: last time accessed
  • -ctime: changes on file itself (permissions, owners, …), not its content
  • -mtime: file's content changed
  • -amin n: n minutes age
  • -atime n: n days (24 hours) ago
  • same goes for ctime/min and mtime/min)

Thus:

  • find -atime -30 → last accessed less than 30 days ago
  • find -ctime +5 → more than 5 days ago, changes on file itself
  • find -mtime +2 -31 → file's content changed more than two days but less than 31 days ago

also - -daystart: after today, 0.00h

Grepping

find stuff -exec grep {} \; →; the last part ({} \;) is essential - mind the single white space between {} and \;

The -exec options allows incorporating other commands into find

Also: Why one shouldn't parse the output of ls

Related Question